The Internet of Things (IoT) involves the increasing prevalence of objects and entities that are usually wirelessly connected and communicate within short distances. Our work focuses on identifying critical security and privacy vulnerabilities and developing novel, practical countermeasures [MobiSys16, Infocom14, Infocom15, MobiSys12, TMC16].

1) Near Field Communication (NFC) security. NFC has enjoyed drastic penetration in mobile payment, wearable devices, smart appliances, logistics, and smart objects and tags. The global NFC market will reach over USD $200 billion in five years, thanks to the prominence of IoT applications. We are among the first to study the security vulnerabilities of NFC. We showed that commodity NFC-enabled mobile devices can be eavesdropped from up to 240 cm away, which is at least an order of magnitude greater than the intended communication distance. We then designed a hardware security system called nShield that can intelligently attenuate the signal strength against passive eavesdropping and harvest the NFC energy wirelessly.

2) Practical Bluetooth sniffing and identification systems. Bluetooth has become the de facto wireless interface for smart devices. The global shipments of Bluetooth units will reach 3 billion in 2017. We proposed BlueEar – the first practical Bluetooth traffic sniffer where two Bluetooth-compliant radios coordinate with each other on learning the hopping sequence of indiscoverable Bluetooth networks, predicting adaptive hopping behavior, and mitigating the impacts of RF interference. We developed BlueID – a practical system that identifies Bluetooth devices by fingerprinting their clocks based on the temporal feature of Bluetooth frequency hopping, which is impossible to forge without a customized baseband. Moreover, BlueID employs simple yet efficient techniques to detect and differentiate low power Bluetooth transmissions from a distance, making it suitable for mobile applications like energy efficient localization and tracking.

3) Secure Visible Light Communication (VLC) for IoT. VLC has been identified as a promising connectivity technology for IoT thanks to its extreme scalability including orders of magnitude higher bandwidth than radio channels and pervasive lighting infrastructure. We have developed COBRA – the first practical VLC system for off-the-shelf smartphones and IoT devices based on 2D barcodes. Due to the directionality and short range of visible light, COBRA can preserve data privacy in short-range communication between IoT devices. COBRA adopts new barcode designs and novel image processing techniques to achieve real-time barcode stream decoding. We also formally analyze the security of COBRA-like systems based on geometric models and propose physical security enhancement mechanisms.

Research Thrusts

1. Practical Bluetooth Traffic Sniffing: Systems and Privacy Implications. With the prevalence of Bluetooth-enabled mobile and IoT devices, potential breach of user privacy has been an increasing concern. To date, sniffing Bluetooth traffic has been widely considered an extremely intricate task due to Bluetooth's indiscoverable mode, vendor-dependent adaptive hopping behavior, and the interference in the open 2.4 GHz band. We develop BlueEar -- a practical Bluetooth traffic sniffer. BlueEar features a novel dual-radio architecture where two Bluetooth-compliant radios coordinate with each other on learning the hopping sequence of indiscoverable Bluetooth networks, predicting adaptive hopping behavior, and mitigating the impacts of RF interference. Experiment results show that BlueEar can maintain a packet capture rate higher than 90% consistently in real-world environments, where the target Bluetooth network exhibits diverse hopping behaviors in the presence of dynamic interference from coexisting 802.11 devices. In addition, we discuss the privacy implications of the BlueEar system, and present a practical countermeasure that effectively reduces the packet capture rate of the sniffer to 20%. The proposed countermeasure can be easily implemented on the Bluetooth master device while requiring no modification to slave devices like keyboards and headsets.

System architecture and a prototype of BlueEar.

2. nShield: A Noninvasive NFC Security System for Mobile Devices. The Near Field Communication (NFC) technology is gaining increasing popularity among mobile and IoT devices. However, as a relatively new and developing technology, NFC may also introduce security threats that make mobile devices vulnerable to various malicious attacks. We conduct the first systematic study on the feasibility of and defense against passive NFC eavesdropping. Our experiments show that commodity NFC-enabled mobile devices can be eavesdropped from up to 240 cm away, which is at least an order of magnitude greater than the intended NFC communication distance. This finding challenges the general perception that NFC is largely immune to eavesdropping because of its short working range. We then present the design of a hardware security system called nShield. With a small form factor, nShield can be attached to the back of mobile devices to attenuate the signal strength against passive eavesdropping. At the same time, the absorbed RF energy is scavenged by nShield for its perpetual operation. nShield intelligently determines the right attenuation level that is just enough to sustain reliable data communication. We implement a prototype of nShield, and evaluate its performance via extensive experiments. Our results show that nShield has low power consumption (23 uW), can harvest a significant amount of power (55 mW), and adaptively attenuates the signal strength of NFC in a variety of realistic settings, while only introducing insignificant delay (up to 2.2 s).

System architecture and a prototype of nShield.

3. COBRA: Color Barcode Streaming for Smartphone Systems. We propose COBRA – a visible light communication (VLC) system for off-the-shelf smartphones. COBRA encodes information into specially designed 2D color barcodes and streams them between screen and camera of smartphones. Due to the directionality and short range of visible light, COBRA can preserve user privacy and security in many near field communication scenarios such as opportunistic data exchange between smartphones. We develop a new 2D color barcode for COBRA that is optimized for streaming between small-size screen and low-speed camera of smartphones. COBRA adapts the size and layout of code blocks in streamed barcodes to deal with the significant image blur in mobile environments, and adopts new image processing techniques to achieve real-time barcode stream decoding. Our approach is evaluated through extensive experiments on Android smartphones.

However, the security of barcode-based communication in mobile applications has not been systematically studied. Due to their visual nature, 2D barcodes are subject to eavesdropping when they are displayed on smartphone screens. On the other hand, the fundamental design principles of 2D barcodes make it difficult to add security features. We propose SBVLC – a secure system for barcode-based visible light communication (VLC) between smartphones. We formally analyze the security of SBVLC based on geometric models and propose physical security enhancement mechanisms for barcode communication by manipulating screen view angles and leveraging user-induced motions. We then develop three secure data exchange schemes that encode information in barcode streams. These schemes are useful in many security-sensitive mobile applications including private information sharing, secure device pairing, and contactless payment. SBVLC is evaluated through extensive experiments on both Android and iOS smartphones.

System architecture of COBRA, and the barcode design adopted by COBRA for VLC communication.

A typical experimental setup of two COBRA phones. The sender (Google Nexus S) on the right is sending data to the receiver (HTC Inspire) on the left; an illustration of secure communication using barcodes.